04-22-2007 10:18 PM - edited 03-03-2019 04:39 PM
Hello. Why is aaa authorization used? I saw an example like this:
aaa authorization network tacacs+ none
aaa authorization connection tacacs+ if-authenticated
aaa authorization exec tacacs+ if-authenticated
aaa authorization command 1 tacacs+ if-authenticated
aaa authorization command 15 tacacs+ if-authenticated
Are there benefits from using this? I only use aaa authentication and wonder why someone used authorization. Tx.
04-23-2007 12:17 AM
Friend,
With authorization you have control over the privilege levels assigned to users.
You may require a certain group of people to have only read rights and another group to have full rights (priv level 15), which can be done with the help of authorization in AAA.
HTH
Narayan
04-23-2007 01:36 AM
Tx royalblues, I want to know how the logic between the router and the AAA server works. Do we need to configure the command level and the exec shell for the user at the ACS too? So, for example, at the server we enter something like "user X is able to execute show version and reload". Btw, how do I configure an access-list for the user so he is authorized only to access a specified subnet, with time-restricted access? Do you have an example to figure this out? Please help. Tx :)
04-23-2007 01:54 AM
You can configure shell authorization sets in the Cisco ACS server, which can restrict the user to certain commands.
The other options might be configurable too.
Have a look at this link
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csapp40/index.htm
HTH, rate if it does
Narayan
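Added example (not part of the original posts, and not Cisco code): a simplified Python model of the router/server logic asked about above, showing how a method list such as `tacacs+ if-authenticated` is evaluated and how a server-side command set restricts a user. The user names, group names and command-set contents are constructed, and the server is reduced to a prefix match.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"    # server (or method) permits the request
    FAIL = "fail"    # server explicitly denies the request
    ERROR = "error"  # no response from the server

# Constructed stand-in for server-side shell command authorization sets.
COMMAND_SETS = {
    "readonly": {"permit": ["show "], "default": Result.FAIL},
    "admin": {"permit": [], "default": Result.PASS},
}
USER_GROUP = {"userX": "readonly", "adminY": "admin"}  # constructed users

def tacacs(user, command, server_up=True):
    """Simplified server decision for one command authorization request."""
    if not server_up:
        return Result.ERROR
    group = USER_GROUP.get(user)
    if group is None:
        return Result.FAIL
    cmd_set = COMMAND_SETS[group]
    if any(command.startswith(prefix) for prefix in cmd_set["permit"]):
        return Result.PASS
    return cmd_set["default"]

def authorize(methods, user, command, authenticated=True, server_up=True):
    """Walk the method list the way the router does for one request."""
    for method in methods:
        if method == "tacacs+":
            result = tacacs(user, command, server_up)
        elif method == "if-authenticated":
            result = Result.PASS if authenticated else Result.FAIL
        elif method == "none":
            result = Result.PASS  # no authorization performed
        else:
            raise ValueError(f"unknown method: {method}")
        # Only a missing response moves on to the next method;
        # an explicit PASS or FAIL ends the cycle.
        if result is not Result.ERROR:
            return result
    return Result.FAIL  # every method errored out

if __name__ == "__main__":
    methods = ["tacacs+", "if-authenticated"]
    for up in (True, False):
        print(up, authorize(methods, "userX", "reload", server_up=up).value)
```

In this model the restricted user's `reload` is denied while the server answers and permitted when it does not, which is the trade-off to weigh when choosing `if-authenticated` or `none` as the fallback method.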